Patents by Inventor Chwan-Hwa Wu
Chwan-Hwa Wu has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10484365
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Grant
Filed: September 17, 2018
Date of Patent: November 19, 2019
Assignee: AUBURN UNIVERSITY
Inventors: Chwan-Hwa Wu, J. David Irwin, David Charles Last, Myers Hawkins, Hao Sun
-
Patent number: 10469251
Abstract: The present system and method allow for preemptive, self-healing computer security. The system includes a user device processor and a PSS server processor. The two processors perform an initial Data Structure & Key Mutation (DSKM) method and an interval DSKM method at a given interval to protect secret information and prevent its exposure by attackers. When a user requests a site or service that is an attractive target for attackers, such as a bank site or monetary transfer service, the processors perform a Man in the Browser attack prevention method. When a packet is received or generated, the processors perform a Deep Protocol and Stateful Inspection and Prevention method to prevent receipt of malicious packets or the loss of sensitive information. Various forensics modules allow accurate forensic examination of the type, scope, and method of attack, as well as real-time protection of cloud-based services.
Type: Grant
Filed: May 5, 2017
Date of Patent: November 5, 2019
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Daoqi Hou
-
Publication number: 20190104118
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Application
Filed: September 17, 2018
Publication date: April 4, 2019
Inventors: Chwan-Hwa WU, J. David IRWIN, David Charles LAST, Myers HAWKINS, Hao SUN
-
Patent number: 10097536
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Grant
Filed: December 7, 2015
Date of Patent: October 9, 2018
Assignee: AUBURN UNIVERSITY
Inventors: Chwan-Hwa Wu, J. David Irwin, David Charles Last, Myers Hawkins, Hao Sun
-
Publication number: 20170324555
Abstract: The present system and method allow for preemptive, self-healing computer security. The system includes a user device processor and a PSS server processor. The two processors perform an initial Data Structure & Key Mutation (DSKM) method and an interval DSKM method at a given interval to protect secret information and prevent its exposure by attackers. When a user requests a site or service that is an attractive target for attackers, such as a bank site or monetary transfer service, the processors perform a Man in the Browser attack prevention method. When a packet is received or generated, the processors perform a Deep Protocol and Stateful Inspection and Prevention method to prevent receipt of malicious packets or the loss of sensitive information. Various forensics modules allow accurate forensic examination of the type, scope, and method of attack, as well as real-time protection of cloud-based services.
Type: Application
Filed: May 5, 2017
Publication date: November 9, 2017
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Daoqi Hou
-
Publication number: 20160182486
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Application
Filed: December 7, 2015
Publication date: June 23, 2016
Inventors: Chwan-Hwa WU, J. David IRWIN, David Charles LAST, Myers HAWKINS, Hao SUN
-
Patent number: 9208335
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Grant
Filed: June 2, 2014
Date of Patent: December 8, 2015
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, David Charles Last, Myers Hawkins, Hao Sun
-
Publication number: 20150082399
Abstract: A network security system that employs space-time separated and jointly-evolving relationships to provide fast network access control, efficient real-time forensics capabilities, and enhanced protection for at-rest data in the event of a network breach. The network security system allows, in part, functionality by which the system accepts a request by a user to access the data stored in the database, identifies a sequence of security agents to participate in authenticating and protecting the access of the data by the user, generates a sequence of pseudorandom IDs and space-time varying credentials, checks at each one of the security agents a corresponding one of the credentials, determines that the user is permitted to access the data using access control logs if all the security agents accept the corresponding credentials, and varies the credentials based on a space-time relationship.
Type: Application
Filed: June 2, 2014
Publication date: March 19, 2015
Inventors: Chwan-Hwa WU, J. David IRWIN, David Charles LAST, Myers HAWKINS, Hao SUN
-
Patent number: 8510831
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Grant
Filed: January 19, 2012
Date of Patent: August 13, 2013
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 8261350
Abstract: A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
Type: Grant
Filed: January 5, 2011
Date of Patent: September 4, 2012
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang, Chun-Ching Huang
-
Publication number: 20120124383
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Application
Filed: January 19, 2012
Publication date: May 17, 2012
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 8127355
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Grant
Filed: June 1, 2010
Date of Patent: February 28, 2012
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 7937759
Abstract: A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
Type: Grant
Filed: March 30, 2007
Date of Patent: May 3, 2011
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang, Chun-Ching Huang
-
Publication number: 20110099630
Abstract: A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
Type: Application
Filed: January 5, 2011
Publication date: April 28, 2011
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang, Chun-Ching Huang
-
Publication number: 20100242112
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Application
Filed: June 1, 2010
Publication date: September 23, 2010
Applicant: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Patent number: 7774841
Abstract: The present disclosure generally pertains to systems and methods for protecting network resources from denial of service attacks. In one exemplary embodiment, a responder stores an access filter value used to determine whether an incoming message frame has been transmitted from an authorized user. In this regard, a user communication device includes logic for determining the access filter value stored at the responder and includes the access filter value in a message frame transmitted from the computer to the responder. The responder compares the received access filter value to the stored access filter value. If such values match or otherwise correspond, the responder authenticates the message frame. However, if such values do not match or otherwise correspond, the responder discards the message frame. Thus, the responder processes authenticated message frames and discards unauthenticated message frames thereby preventing denial of service attacks from malicious users.
Type: Grant
Filed: October 1, 2004
Date of Patent: August 10, 2010
Assignee: Auburn University
Inventors: Chwan-Hwa Wu, J. David Irwin, Chien-Cheng Wang
-
Publication number: 20070266241
Abstract: A system for preventing successful denial of service attacks comprises a first communication device, a second communication device, and a network. The first and second communication devices establish a communication session via the network. Based on various information, such as a pre-shared secret, one of the communication devices determines a network access filter value and compares this value to at least one data frame in order to authenticate such data frame without committing significant computing resource and any memory space. By updating the network access filter over time, an unauthorized user who discovers the outdated network access filter values is prevented from successfully launching a denial of service attack.
Type: Application
Filed: March 30, 2007
Publication date: November 15, 2007
Inventors: Chwan-Hwa Wu, J. Irwin, Chien-Cheng Wang, Chun-Ching Huang
-
Publication number: 20050144352
Abstract: A system for buffering data received from a network comprises a network socket, a plurality of buffers, a buffer pointer pool, receive logic, and packet delivery logic. The buffer pointer pool has a plurality of entries respectively pointing to the buffers. The receive logic is configured to pull an entry from the pool and to perform a bulk read of the network socket. The entry points to one of the buffers, and the receive logic is further configured to store data from the bulk read to the one buffer based on the entry. The packet delivery logic is configured to read, based on the entry, the one buffer and to locate a missing packet sequence in response to a determination, by the packet delivery logic, that the one buffer is storing an incomplete packet sequence. The packet delivery logic is further configured to form a complete packet sequence based on the incomplete packet sequence and the missing packet sequence.
Type: Application
Filed: October 1, 2004
Publication date: June 30, 2005
Inventors: Chwan-Hwa Wu, J. Irwin, Chien-Cheng Wang
-
Patent number: 5544280
Abstract: A unipolar terminal-attractor based neural associative memory (TABAM) system with adaptive threshold for perfect convergence is presented. By adaptively setting the threshold values for the dynamic iteration for the unipolar binary neuron states with terminal-attractors for the purpose of reducing the spurious states in a Hopfield neural network for associative memory and using the inner-product approach, perfect convergence and correct retrieval is achieved. Simulation is completed with a small number of stored states (M) and a small number of neurons (N) but a large M/N ratio. An experiment with optical exclusive-OR logic operation using LCTV SLMs shows the feasibility of optoelectronic implementation of the models. A complete inner-product TABAM is implemented using a PC for calculation of adaptive threshold values to achieve a unipolar TABAM (UIT) in the case where there is no crosstalk, and a crosstalk model (CRIT) in the case where crosstalk corrupts the desired state.
Type: Grant
Filed: June 7, 1993
Date of Patent: August 6, 1996
Assignee: The United States of America as represented by the Administrator of the National Aeronautics and Space Administration
Inventors: Hua-Kuang Liu, Jacob Barhen, Nabil H. Farhat, Chwan-Hwa Wu